This blog is a collection of notes that reflect personal experiences in systems and network administration. "Let all things be done securely."

Friday, February 18, 2005

Commercial Software Regulation

With all the push lately for security in the software and IT markets, what will it take for companies to implement secure practices? According to Richard Clarke, former White House cybersecurity and counterterrorism adviser, there must be some regulation put in place to force companies to adhere to open standards and regulations that will promote better cybersecurity:

"But Clarke, during one panel discussion yesterday, called on Microsoft and other software companies to become more publicly accountable in their efforts to develop secure software. He said he asked Microsoft last year to disclose the specific quality-assurance practices it was following in the pursuit of more-secure software code.

The idea, he said, would be for the software industry to collectively come up with a set of best practices for secure software development. Outside experts would then be able to judge how well each company lives up to those practices.

"There's no fine involved, there's no liability involved, but the marketplace is better informed, and the marketplace works better when it knows what's going on," Clarke said, drawing a round of applause from the crowd at San Francisco's Moscone Center. Panelists compared the concept to the effort to hold public companies to standards for financial reporting under the Sarbanes-Oxley Act."

With the creation of open standards that will be regulated by the IT industry itself and held accountable by the government and the people, the industry will be able to move forward with the security and safety of the Internet and the applications that rely on it.